Trojan Part 1
1.What is this text about?
/=-=-=-=-=-=-=-=-=-=-=-=-=-=/
In this text I'm going to explain you interesting things about
the trojans and about their future.I hope you'll realize that
trojans are dangerous and they're still big security problem although
many people say don't download files from the net and you won't get
infected which is not right.The main thing I want to explain here is
do the trojans have future and other interesting things about them.
This text is only for Windows based trojans not Unix one.
=-=-=-=-=-=-=-=-=-=-=-=-=-=
2.What Is A Trojan Horse?
/=-=-=-=-=-=-=-=-=-=-=-=-=/
A trojan horse is
-An unauthorized program contained within a legitimate program. This unauthorized
program performs functions unknown (and probably unwanted) by the user.
-A legitimate program that has been altered by the placement of
unauthorized code within it; this code performs functions unknown
(and probably unwanted) by the user.
-Any program that appears to perform a desirable and necessary
function but that (because of unauthorized code
within it that is unknown to the user) performs functions unknown
(and probably unwanted) by the user.
Trojans can also be called RAT's, or Remote Administration Tools.
The trojan got it's name from the old mythical story about how the greeks during
the war, gave their enemy a huge wooden horse as a gift.
They accepted this gift and they brought into their kingdom,
and during the night, greek soldiers crept out of the horse and attacked the city,
completely overcoming it.
3.Trojans Today
/=-=-=-=-=-=-=-=/
Trojans has always been big security problem even today.Most of the people
don't know what a trojan is and they keep downloading files from untrusted
sources or from suspicious people.Today there are more than 600 trojans on
the net that I know but I think there are many many more.Because every hacker or
programer today have it's own trojan made for his/her special needs and not
published anywhere.Every hacking group has also it's own trojans and programs.
When someone start learning winsock the first creating is chat client or trojan
horse.Even the anti-virus scanners I'll talk below people still get infected
by themselves,by some hacker or by some of your friends.
----------------------->
4.The Future Of Trojans
=-=-=-=-=-=-=-=-=-=-=-=-=
I think there're a lot of people out there that think the
trojans are outdated and they don't have future.Well I don't
think so.Trojans will always have future and new things added in
them.There are so many things that can be improved by skilled programers
in the trojans.
Trojans that COMPLETELY hide in the system and of course restart every time Windows is loaded
trojans that will lie every trojan and anti-virus program this is the future I think.
People that program trojans has a lot of ideas that makes their trojans unique.
These people start placing backdoors in ActiveX and who knows maybe in future they'll
find other sources they can place the trojans in.Programmers will always think of
new and unique trojans with functions never seen before.
Trojans are made every day by the programers with new options and with better encryption so
the Anti-Trojan software can't detect them.So noone knows how many are the trojans on the net.
But the programmers are still programming trojans and they will continue in the future.
Technically, a trojan could appear almost anywhere, on any operating system or platform.
However, with the exception of the inside job mentioned previously, the spread of trojans works
very much like the spread of viruses. Software downloaded from the Internet, especially shareware or freeware,
is always suspect. Similarly, materials downloaded from underground servers
or Usenet newsgroups are also candidates.There are thousand of programs with not checked
source and new programs are appearing every day especially the freeware one so they can all be
trojans.So be careful what you're downloading and from where you're downloading it.
Always download software from the official page.
----------------------------->
5.Anti-Virus Scanners
/=-=-=-=-=-=-=-=-=-=-=-=/
People think that when they have a virus scanner with the latest virus definitions
they're secure on the net and they can't get infected with a trojan or noone can
have access to their computer.This is NOT right.The purpose of the anti-virus
scanners is to detect not trojans but viruses.But when trojans became popular
the scanners started adding also trojan definitions.These scanners just can't
find the trojans and analyze them that's why they're just detecting the common
and the well know from everyone trojans like Back Orifice and NetBus and also
several other.As I told they're around 600 trojans I know out there and the
anti-virus scanners are detecting just a LITTLE part of them.
These scanners are not firewalls that will stop someone that want to connect
to your computer or try to attack you as people think they are.So I hope that
you understand that the main purpose of these scanners is not to detect
trojans and protect you while you're online.
Most of the internet users know only Back Orifice and NetBus as trojans.
There are some specific tools out there that clean ONLY from these trojans.
Again people think that they're secure and protected from every trojan.
--------------------------->
6.How Can I get Infected?
/=-=-=-=-=-=-=-=-=-=-=-=-=-=/
Everyone ask this question and often people ask themselves how they got
infected.Also when someone ask them did they run some file send to them
by someone or downloaded from somewhere people always say they didn't
run anything or download some file but they did it.People just don't
pay attention to things they do online and that's why they forget
about the moment of the infection with the trojan.
You can get infected from many places and I'll try to explain
you these things here.
6.1 From ICQ
6.2 From IRC
6.3 From Attachment
6.4 Physical Access
6.5 Tricks-diskette
6.1 From ICQ
People think that they can't infect while they're talking via ICQ
but they just forget the moment when someone sends them a file.
Everyone knows how insecure ICQ is and that's why some people
are afraid of using it.
As you maybe know there's a bug in ICQ allowing you to send a .exe
file to someone but it will look as .bmp or .jpg or whatever you want
it to look like.This is very dangerous as you see and can get you in
trouble.The attacker will just change the icon of the file like
a BMP image,tell you it's a pic of him,rename it to photo.bmp
then you'll get it and of course before getting it you'll see that
it's .bmp and you're secure because the file is not executable.
Then you run it see the picture and you think there's nothing to
worry about but there is.
That's why most of the people say that they didn't run any files
because they know that they've run an image not executable.
A way to prevent this bug in ICQ is always to check the type of
the file before running it.It may has an BMP icon but if at the type
of the file is written executable I thin you know that it will be
mistake if you run that file.
6.2 From IRC
You can also get infected from IRC by receiving files from
untrusted sources.But I advice you always to be paranoid
and do not receive files from ANYONE even from your best
friend because someone may stolen his/her password
and infect you.Some people think that they can be 100% sure
that the other person is their friend when they ask him/her
something like a secret or something else that only he/she know
but as I told you be paranoid because someone may infect your friend
and just check his/her IRC logs and see what is this secret about or
learn other things.Be paranoid it's more secure as I say and do not
receive files from anyone on IRC or from somewhere else like
e-mail,ICQ or even your online friends.
6.3 From Attachment
The same thing goes about the e-mail attachments.NEVER run anything
even if it says you'll see hot porno or some passwords for server or
anything else.The best way to infect someone with a trojan is mass
e-mailing the server because there're new people on the net and
they'll of course get infected.This is the best way of infecting
as I said that's why it's preferred by the people that want to infect
the masses.
6.4 Physical Access
You can of course get infected by some of your "friends" when they
have physical access to your computer.Let's suppose you leave
someone on your computer just for 5 minutes,then of course you can
get infected by one of your "friends".There are some very smart people
out there that keep thinking of new ways of getting physical access
to someone's computer.Here are some tricks that are interesting:
1.You "friend" may ask you "Hey bro can you give me some water"
or something that will leave him alone.You'll go to take some
water and then........You know
2.The attacker may have a plan.Let's say you invited him/her
at 12:00 at your home and that attacker told one of your
"friends" to call the victim at 12:15 and start talking
about something with the victim.The attacker again have time
to infect you.
Also the "friend" that is calling you may say something like
"Is there anyone around you,if so move somewhere
else I don't want anyone to hear what we are talking about"
The attacker is again alone and have time to infect you.
6.5 Trick
This is one trick that may work on people that really
want something and the attacker knows what is it.
Let's say that the victim wants to watch some porno
or want xxx passwords,then attacker can just leave
a diskette with the trojan in the front of the victim's
house and put the trojan with some xxx pics of course.
This is bad things because sometimes if you really want
something and you finally found it you don't think about
anything else except to check it you.You again get infected.
I hope now you understand how you got infected the last time
(if you got infected of course).
----------------------------------->
7.How dangerous a trojan can be?
/=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=/
Many people that don't know what a trojan is
think that when they run an executable nothing
happened because their computer is still working
and all the data is there,if it was a virus
their data will be damaged and their computer will
stop working.
Someone is downloading and uploading files on your
computer.
Someone is reading all of your IRC logs and learning
interesting things about you and your friends.
Someone is reading ALL of your ICQ messages.
Someone is deleting files on your computer.
These are some examples how dangerous a trojan can be.
There people that use trojans just to place virus
on the infected machine like CIH and destroy the machine.
--------------------------->
8.Different Kinds Of Trojans
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
Remote Access Trojans
-------------------------------
These trojans are the most popular trojans now.
Everyone wants to have such trojan because he
or she want to have access to their victim's hard drive.
The RAT'S (remote access trojans)are very
simple to use.Just make someone run the server
and you get the victim's IP and you have FULL
access to his or her computer.They you can
almost everything it depends of the trojan you use.
But the RAT'S have the common remote access trojan functions like:
keylogger,upload and download function,
make a screen shot and so on.Some people use the
trojans for malicious purposes.
They want just to delete and delete.This is lame.But a have a guide
about the best way to use a trojan.You should read it.
There are many programs out there
that detects the most common trojans,but new trojans are
coming every day and these programs are not the maximum defense.
The trojans do always the same things.
If the trojan restart every time Windows is loaded that
means it put something in the registry
or in win.ini or in other system file so the trojan can restart.
Also the trojans create some file in
the WINDOWS\SYSTEM directory.The file is always looking
to be something that the victim will think
is a normal WINDOWS executable.Most trojans hide
from the Alt+Ctrl+Del menu.This is not
good because there are people who use only this way to see
which process are running.There are programs
that will tell me you exactly the process and the
file from where it comes.Yeah but some trojans
as I told you use fake names and it's a little hard
for some people to understand which process
should they kill.The remote access trojans opens
a port on your computer letting everyone to connect.
Some trojans has options like change the port
and put a password so only the guy that infect you
will be able to use the computer.The change
port option is very good because I'm sure you
don't want your victim to see that port 31337 is open
on their computer.Remote access trojans are
appearing every day and they will continue to appear.
For those that use such trojans: BE CAREFUL
you can infect yourself and they the victim you
wanted to destroy will revenge and you'll be sorry.
---------------------------------------
Password Sending Trojans
The purpose of these trojans is to rip all cached
passwords and send them to specified e-mail
without letting the victim about the e-mail.
Most of these trojans don't restart every time Windows
is loaded and most of them use port 25 to
send the e-mail.There are such trojans that e-mail
other information too like ICQ number
computer info and so on.These trojans are dangerous if
you have any passwords cached anywhere on your computer.
----------------------------------------
Keyloggers
These trojans are very simple.The only one thing
they do is to log the keys that the victim is pressing
and then check for passwords in the log file.
In the most cases these trojans restart every
time Windows is loaded.They have options
like online and offline recording.In the online recording
they know that the victim is online and
they record everything.But in the offline recording
everything written after Windows start is
recorded and saved on the victims disk waiting for
to be transferred.
----------------------------------------
Destructive
The only one function of these trojans is to
destroy and delete files.This makes them very simple
and easy to use.They can automatically
delete all your .dll or .ini or .exe files on your computer.
These are very dangerous trojans and once
you're infected be sure if you don't disinfect your
computer information will no longer exist.
-----------------------------------------
FTP trojans
These trojans open port 21 on your computer
letting EVERYONE that has a FTP client to connect
to your computer without password and will full upload and download options.
These are the most common trojans.They all are dangerous
and you should me careful using them.
-------------------------------------->
9.Who Can Infect You?
/=-=-=-=-=-=-=-=-=-=-=/
Well basically you can get infected by everyone that know how
to use a trojan(it's VERY easy) and of course know how to infect you.
People that use trojans are wannabe hackers that are just at the stage
of using trojans.Some of these people don't move to the next stage
and they're lamers that can only use trojans and as I said it's VERY easy.
But after reading this text you'll know the most common ways that someone
can infect you with a trojan and it will be hard for the people using them
to infect you.
------------------------>
10.What Is The Attacker Looking For?
/=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=/
Some of you may think that trojans are used for damage only.
Well they can also be used to spy on someone's machine and
take a lot of private information from it.Wellthe common data an attacker looks
for would include but not limit to the following.
-----> Credit Card Information
-----> Credit Information
-----> Checking Account Information
-----> Any accounting data
-----> Data bases
-----> Mailing Lists
-----> Personal Addresses
-----> Email Addresses
-----> Account Passwords
-----> Home Office / Small Business Information
-----> Company Accounts / Subscribed for Services
-----> Resumes
-----> Any Company Information / Services He Can Access
-----> Your or spouse's first and last name
-----> Children's names / ages
-----> Your address
-----> Your telephone number
-----> Letters you write to people
-----> Your personal resume
-----> Your family pictures
-----> School work
-----> Any school accounts / information
